Cisco patches vulnerability in WebEx

Doug OlenickApril 23, 2018

A Cisco security advisory is warning users of a vulnerability in the firm's WebEx Meetings and WebEx Meetings Server that could allow a remote attacker to execute arbitrary code on their system.

The vulnerability, CVE-2018-0112, is due to an insufficient input validation by the WebEx clients. To take advantage of this flaw an attacker would send meeting attendees a malicious Flash (.swf) file through the client's file-sharing protocol, the advisory reported. If properly exploited the attacker will be able to run arbitrary code on the system of the targeted user.

The versions impacted are:

Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.2
Cisco WebEx Business Suite (WBS32) client builds prior to T32.10
Cisco WebEx Meetings with client builds prior to T32.10
Cisco WebEx Meetings Server builds prior to 2.8 MR2

“Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability,” the company said.

Doug Olenick

Ransomware

CEO: MOVEit customers ‘happy’ with company’s response to hack

Simon HenderySeptember 29, 2023

The Progress Software boss made the comment a day before a slew of vulnerabilities were revealed in one of the company’s other products.

Penetration Testing

Purple teaming in cybersecurity gains traction

SC StaffSeptember 28, 2023

SiliconAngle reports that more companies have been conducting purple team cybersecurity threat evaluations, with security penetration testing firm SpecterOps being the latest to create a collaboration between its offensive and defensive cybersecurity teams in testing and defending corporate systems.

Patch/Configuration Management

Google patches new zero-day actively exploited in the Chrome browser

Steve ZurierSeptember 28, 2023

Google's most recent patch for Chrome is the fifth actively exploited zero-day targeted by threat actors this year in the popular browser.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Cisco patches vulnerability in WebEx

Related

CEO: MOVEit customers ‘happy’ with company’s response to hack

Purple teaming in cybersecurity gains traction

Google patches new zero-day actively exploited in the Chrome browser

Related Events

Reducing silos between Developers and AppSec in your Software Supply Chain with Snyk and ServiceNow

Vulnerability management: Finding and fixing your fatal flaws

Generative AI: Understanding the AppSec risks and how DAST can mitigate them

Get daily email updates